ClawAudit verdict

agency-agents

agency-agents-wrapper

18
🔴 Dangerous
High-risk patterns flagged for review — automated deep scan, not behaviorally verified.

The skill has execution sink detected, which could potentially lead to malicious code execution.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
90
transparency
70
maintenance

Findings (11)

Pattern match critical

Uses eval() — can execute arbitrary code

references/agents/engineering/engineering-ai-data-remediation-engineer.md · code · eval(

Pattern match critical

Possible hardcoded credential

references/agents/engineering/engineering-technical-writer.md · code · apiKey: 'YOUR_SEARCH_API_KEY

Pattern match high

Instructs covert action — may act without user awareness

references/agents/design/design-whimsy-injector.md · code · without telling

Pattern match medium

Opens WebSocket connection

references/agents/specialized/lsp-index-engineer.md · code · WebSocket

Pattern match medium

Accesses sensitive environment variables

references/agents/engineering/engineering-database-optimizer.md · code · process.env.SUPABASE_ANON_KEY

Pattern match medium

Base64 encoding/decoding

references/agents/engineering/engineering-devops-automator.md · code · base64encode

Pattern match medium

Popular HTTP library — network access

references/agents/marketing/marketing-livestream-commerce-coach.md · code · got

Pattern match medium

References webhook/callback URL

references/agents/support/support-infrastructure-maintainer.md · code · WEBHOOK_URL

Pattern match low

Makes HTTP request to external URL

references/agents/engineering/engineering-feishu-integration-developer.md · code · fetch( 'https://

Pattern match low

References tunneling service

references/agents/engineering/engineering-feishu-integration-developer.md · prose · downgraded · ngrok

Pattern match low

References agent memory files

references/agents/integrations/mcp-memory/README.md · prose · downgraded · memory.md

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class B/D/F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API